add api authentication
@@ -5,12 +5,22 @@ class ApplicationController < ActionController::Base
|
||||
after_filter :reset_current_user
|
||||
before_filter :set_title
|
||||
before_filter :set_started_at_session
|
||||
before_filter :api_check
|
||||
layout "default"
|
||||
|
||||
rescue_from User::PrivilegeError, :with => :access_denied
|
||||
rescue_from Danbooru::Paginator::PaginationError, :with => :render_pagination_limit
|
||||
|
||||
protected
|
||||
def api_check
|
||||
if CurrentUser.is_anonymous? && request.format.to_s =~ /json|xml/
|
||||
render :text => "401 Not Authorized\n", :layout => false, :status => 401
|
||||
return false
|
||||
end
|
||||
|
||||
return true
|
||||
end
|
||||
|
||||
def rescue_exception(exception)
|
||||
@exception = exception
|
||||
|
||||
@@ -53,7 +63,7 @@ protected
|
||||
end
|
||||
|
||||
def set_current_user
|
||||
session_loader = SessionLoader.new(session, cookies, request)
|
||||
session_loader = SessionLoader.new(session, cookies, request, params)
|
||||
session_loader.load
|
||||
end
|
||||
|
||||
|
||||
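Review bot: The 401 rendered in `api_check` carries no `WWW-Authenticate` header, so HTTP Basic clients (the path `authenticate_basic_auth` in this commit is meant to serve) are never told which scheme to retry with; add `headers["WWW-Authenticate"] = 'Basic realm="Danbooru"'` before the `render` line. The body `"401 Not Authorized\n"` also uses a non-standard reason phrase — the status is "Unauthorized". `api_check` only gives the right answer if it runs after `set_current_user` has populated `CurrentUser`; the filter that registers `set_current_user` is outside this hunk, so that ordering should be confirmed. `request.format.to_s =~ /json|xml/` is unanchored, which works for mime strings but deserves a why-comment such as `# API formats only; HTML users get the normal login flow`.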
@@ -1,10 +1,11 @@
|
||||
class SessionLoader
|
||||
attr_reader :session, :cookies, :request
|
||||
attr_reader :session, :cookies, :request, :params
|
||||
|
||||
def initialize(session, cookies, request)
|
||||
def initialize(session, cookies, request, params)
|
||||
@session = session
|
||||
@cookies = cookies
|
||||
@request = request
|
||||
@params = params
|
||||
end
|
||||
|
||||
def load
|
||||
@@ -12,8 +13,10 @@ class SessionLoader
|
||||
load_session_user
|
||||
elsif cookie_password_hash_valid?
|
||||
load_cookie_user
|
||||
else
|
||||
load_session_for_api
|
||||
end
|
||||
|
||||
|
||||
if CurrentUser.user
|
||||
CurrentUser.user.unban! if ban_expired?
|
||||
else
|
||||
@@ -26,6 +29,32 @@ class SessionLoader
|
||||
|
||||
private
|
||||
|
||||
def load_session_for_api
|
||||
if request.authorization
|
||||
authenticate_basic_auth
|
||||
|
||||
elsif params[:login].present? && params[:api_key].present?
|
||||
authenticate_api_key(params[:login], params[:api_key])
|
||||
|
||||
elsif params[:login].present? && params[:password_hash].present?
|
||||
authenticate_legacy_api_key(params[:login], params[:password_hash])
|
||||
end
|
||||
end
|
||||
|
||||
def authenticate_basic_auth
|
||||
credentials = ::Base64.decode64(request.authorization.split(' ', 2).last || '')
|
||||
login, api_key = credentials.split(/:/, 2)
|
||||
authenticate_api_key(login, api_key)
|
||||
end
|
||||
|
||||
def authenticate_api_key(name, api_key)
|
||||
CurrentUser.user = User.authenticate_cookie_hash(name, api_key)
|
||||
end
|
||||
|
||||
def authenticate_legacy_api_key(name, password_hash)
|
||||
CurrentUser.user = User.authenticate_hash(name, password_hash)
|
||||
end
|
||||
|
||||
def load_session_user
|
||||
CurrentUser.user = User.find_by_id(session[:user_id])
|
||||
CurrentUser.ip_addr = request.remote_ip
|
||||
|
||||
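Review bot: `authenticate_basic_auth` never checks the scheme token: `request.authorization.split(' ', 2).last` base64-decodes whatever follows the first space, so a `Bearer`, `Digest` or malformed header is treated as Basic credentials, and a decoded string with no `:` passes `api_key` as nil into `User.authenticate_cookie_hash`. Guard the scheme and both halves before authenticating, as in the rewrite below. Unlike `load_session_user`, which sets `CurrentUser.ip_addr = request.remote_ip`, `load_session_for_api` only assigns `CurrentUser.user`; unless the `else` branch after `if CurrentUser.user` (outside this hunk) fills it in, API-authenticated requests appear to run with no IP recorded. The new `api_key` and `password_hash` params are credentials that will land in request logs unless `config.filter_parameters` covers them. The 4-argument `initialize` also breaks any other `SessionLoader.new(session, cookies, request)` caller not shown here.
```ruby
def authenticate_basic_auth
  scheme, encoded = request.authorization.to_s.split(' ', 2)
  return unless scheme && scheme.casecmp('basic') == 0
  login, api_key = ::Base64.decode64(encoded.to_s).split(/:/, 2)
  return if login.blank? || api_key.blank?
  authenticate_api_key(login, api_key)
end
```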
@@ -96,5 +96,12 @@
|
||||
<% end %>
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<% if CurrentUser.user.id == user.id %>
|
||||
<tr>
|
||||
<th>API Key</th>
|
||||
<td><%= CurrentUser.user.bcrypt_cookie_password_hash %></td>
|
||||
</tr>
|
||||
<% end %>
|
||||
</table>
|
||||
</div>
|
||||
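Review bot: The guard `<% if CurrentUser.user.id == user.id %>` dereferences `CurrentUser.user` without a nil check; whether a logged-out visitor gets a guest user object or nil is not visible here, and if it can be nil this line raises on every profile page for anonymous visitors. `<% if CurrentUser.user && CurrentUser.user.id == user.id %>` is the safe form. The value shown is `bcrypt_cookie_password_hash`, the same hash `authenticate_api_key` verifies through `User.authenticate_cookie_hash`, so the API key and the cookie-login credential appear to be one secret that cannot be rotated independently; worth a view comment such as `<%# API key is the same hash used for persistent cookie login %>` so the next maintainer does not treat them as separate.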